Well, the problem might be that you are using an UPDATE(basically should work) syntax in an INSERT query.
And additionally, the output of mysql_real_escape_string() function is still a string, so it should still be surrounded by 2 single quotes.
why won't you try something like this:
$sec_ques = mysql_real_escape_string($sec_ques);
$insert = "INSERT INTO accounts(field1, filed2, field3)
VALUES('{$status}', '{$acc_type}', '{$sec_ques}')";
If that doesn't work either, perhaps you should migrate into using PDO, much more secure and comfortable.